Call of Duty Modern Warefare 2 - Buffer Overflow

A few years ago, I became aware of a security issue in most Call of Duty games. Although I did not discover it myself, I thought it might be interesting to see what it could be used for. Without going into detail, this security issue allows users playing a Call of Duty match to cause a buffer...

Security Vulnerabilities in Smart Contracts

Interesting research: "Finding The Greedy, Prodigal, and Suicidal Contracts at Scale": Abstract: Smart contracts -- stateful executable objects hosted on blockchains like Ethereum -- carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic...

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

On Jan. 31, KISA KrCERT published an advisory about an Adobe Flash zero-day vulnerability CVE-2018-4878 being exploited in the wild. On Feb. 1, Adobe issued an advisory confirming the vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions, and that successful exploitation coul...

OTRS 5.0.x6.0.x - Remote Command Execution

OTRS 5.0.x6.0.x - Remote Command Execution Exploit Title: OTRS Shell Access Date: 21-01-2018 Exploit Author: Bæln0rn Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE...

Zomato Clone Script Arbitrary File Upload

Zomato Clone - Arbitrary File Upload Date: 16.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script Demo: http://jhinstitute.com/demo/foodpanda/ Version: N/A Category: Webapps Tested on: Windows 10...

Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome

What is the main idea of version-based vulnerability detection, especially for Web Applications? With an access to the HTTP response html, headers, scripts, etc., you can get the name and version of some standards web application e.g. CMS, CRM, wiki, task tracker or names and versions of software...

IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation

/ Exploit Title - IKARUS anti.virus Arbitrary Write Privilege Escalation Date - 13th November 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.ikarussecurity.com/ Tested Version - 2.16.7 Driver Version - 0.18780.0.0 - ntguardx64.sys Tested on OS - 64bit Windows 7 and...

CVE-2017-8759 のエクスプロイトの検出と無効化

本記事は、Microsoft Malware Protection Center のブログ “Exploit for CVE-2017-8759 detected and neutralized” 2017 年 9 月 12...

Apple iOS < 10.3.1 - Kernel

Sources: https://github.com/doadam/ziVA https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/ ziVA An iOS kernel exploit designated to work on all 64-bit iOS devices = 10.3.1 More general information https://blog.zimperium.com/zimperium-zlabs-ios-security-advisories/...

Remote Command Execution in git client (CVE-2017-12426)

Remote Command Execution in git client CVE-2017-12426 An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...

Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation

CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion = 4.0.23 2 Aug 2017 06:49 A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html The...

The Real-World Impact of Bug Bounties and Vulnerability Research

Running the world’s largest vendor agnostic bug bounty program has afforded us the unique opportunity to purchase bugs of all varieties. The submissions to the Zero Day Initiative ZDI program range in severity from slightly annoying to hugely impactful. We wouldn’t have it any other way. Generall...

QuickSand.io - Tool For Scanning Streams Within Office Documents Plus Xor DB Attack

QuickSand is a compact C framework to analyze suspected malware documents to 1 identify exploits in streams of different encodings, 2 locate and extract embedded executables. By having the ability to locate embedded obfuscated executables, QuickSand could detect documents that contain zero-day or...

Threat Outbreak Alert RuleID29050: Email Messages Distributing Malicious Software on May 10, 2017

Medium Alert ID: 53790 First Published: 2017 May 10 18:43 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID29050 may contain the following files: Name | Size...

Clean Login <= 1.7.12 - Change Redirect URL CSRF

The Clean Login WordPress plugin was affected by a Change Redirect URL CSRF security vulnerability...

CVE-2017-7269 a few tips and BUG fixes-vulnerability warning-the black bar safety net

Seen the analysis, to talk about the use of a few tips. 1. Vulnerability scope The original poc above wrote only applies to the 03 r2, in fact, the most common of 03 sp2 can also be directly reproduced, so it seems that the attack range is very large, after all, the domestic selling most of the 0...

Apache Struts 2 Jakarta Multipart Parser file upload command execution

Added: 03/16/2017 CVE: CVE-2017-5638 BID: 96729 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem The Jakarta...

D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery

D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery Author : B GOVIND Exploit Title : DLink DSL-2730U Wireless N 150, Change DNS Configuration bypassing ‘admin’ privilege Date : 01-03-2017 Vendor Homepage : http://www.dlink.co.in Firmware Link : ftp://support.dlink.co.in/firmware/DSL-273...

Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability Exploit Author : xBADGIRL21 Dork : inurl:/wp-content/plugins/Tevolution/tmplconnector Vendor Homepage : https://templatic.com/ version : 2.3.1 Tested on:...

Windows-Exploit-Suggester v3.2 - Compares a targets patch levels against the Microsoft vulnerability database

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. It requires the 'systeminfo' comman...